Seagate ST100FX0002 manual Random number generator RNG, Drive locking, Data bands, Locking SP


8.2.2 Locking SP

The Locking SP controls read/write access to the media and the cryptographic erase feature. Access to the Locking SP is available using the BandMasterX or EraseMaster passwords. Since the drive owner can define up to 16 data bands on the drive, each data band has its own password called BandMasterX where X is the number of the data band (0 through 15).

8.2.3 Default password

When the drive is shipped from the factory, all passwords are set to the value of MSID. This 32-byte random value is printed on the drive label and it can be read by the host electronically over the I/O. After receipt of the drive, it is the responsibility of the owner to use the default MSID password as the authority to change all other passwords to unique owner-specified values.

8.3 Random number generator (RNG)

The drive has a 32-byte hardware RNG that it uses to derive encryption keys or, if requested to do so, to provide random numbers to the host for system use, including using these numbers as Authentication Keys (passwords) for the drive’s Admin and Locking SPs.

8.4 Drive locking

In addition to changing the passwords, as described in Section 8.2.3, the owner should also set the data access controls for the individual bands.

The variable "LockOnReset" should be set to "PowerCycle" to ensure that the data bands will be locked if power is lost. This scenario occurs if the drive is removed from its cabinet. The drive will not honor any data READ or WRITE requests until the bands have been unlocked. This prevents the user data from being accessed without the appropriate credentials when the drive has been removed from its cabinet and installed in another system.

When the drive is shipped from the factory, the firmware download port is unlocked, allowing the drive to accept any attempt to download new firmware. The drive owner must use the SID credential to lock the firmware download port before firmware updates will be rejected.

8.5 Data bands

When shipped from the factory, the drive is configured with a single data band called Band 0 (also known as the Global Data Band) which comprises LBA 0 through LBA max. The host may allocate Band1 by specifying a start LBA and an LBA range. The real estate for this band is taken from the Global Band. An additional 14 Data Bands may be defined in a similar way (Band2 through Band15) but before these bands can be allocated LBA space, they must first be individually enabled using the EraseMaster password.

Data bands cannot overlap but they can be sequential with one band ending at LBA (x) and the next beginning at LBA (x+1).

Each data band has its own drive-generated encryption key and its own user-supplied password. The host may change the Encryption Key (see Section 8.6) or the password when required. The bands shall be aligned to 4KB LBA boundaries.
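
A pre-provisioning check for the rules in Sections 8.4 and 8.5, added here as an example and not taken from the manual or from Seagate: it validates a planned band layout (Band0 through Band15, no overlap, 4KB alignment) and that every band has LockOnReset set to PowerCycle. The `Band` record, the 512-byte logical block size, reading the alignment rule as applying to both start LBA and length, and all sample values are assumptions.

```python
from dataclasses import dataclass

BLOCK_SIZE = 512                 # assumption: logical block size in bytes
ALIGN_LBAS = 4096 // BLOCK_SIZE  # 4KB boundary expressed in LBAs
MAX_BANDS = 16                   # Band0 (Global) through Band15

@dataclass
class Band:                      # hypothetical planning record
    number: int
    start_lba: int = 0           # ignored for Band0
    length: int = 0              # LBA count, ignored for Band0
    lock_on_reset: str = "PowerCycle"

def validate_plan(bands, max_lba):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    numbers = [b.number for b in bands]
    if len(set(numbers)) != len(numbers):
        findings.append("duplicate band number")
    for b in bands:
        if not 0 <= b.number < MAX_BANDS:
            findings.append(f"Band{b.number}: number outside 0..{MAX_BANDS - 1}")
        if b.lock_on_reset != "PowerCycle":
            findings.append(f"Band{b.number}: LockOnReset is not PowerCycle")
        if b.number == 0:
            continue             # Global Band keeps whatever the others do not take
        last = b.start_lba + b.length - 1
        if b.length <= 0 or b.start_lba < 0 or last > max_lba:
            findings.append(f"Band{b.number}: range outside LBA 0..{max_lba}")
        if b.start_lba % ALIGN_LBAS or b.length % ALIGN_LBAS:
            findings.append(f"Band{b.number}: not aligned to 4KB")
    # Overlap check on the bands that carve space out of the Global Band.
    ranged = sorted((b for b in bands if b.number != 0), key=lambda b: b.start_lba)
    for prev, cur in zip(ranged, ranged[1:]):
        if cur.start_lba <= prev.start_lba + prev.length - 1:
            findings.append(f"Band{prev.number} overlaps Band{cur.number}")
    return findings

# Constructed sample data, not taken from the manual.
MAX_LBA = 2**24 - 1
GOOD = [Band(0), Band(1, 0, 2048), Band(2, 2048, 4096)]   # sequential bands
BAD = [Band(1, 0, 2048), Band(2, 2040, 1024),             # Band2 starts inside Band1
       Band(3, 8193, 8),                                   # start not on a 4KB boundary
       Band(4, 16384, 8, lock_on_reset="")]                # "" = not set (constructed)

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_plan(plan, MAX_LBA) or "ok")
```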


Pulsar XT.2 SAS Product Manual, Rev. B
